PYSEC-2016-4

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/jwcrypto/PYSEC-2016-4.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2016-4

Aliases

Published

2016-09-01T23:59:00Z

Modified

2024-04-29T16:41:32.606701Z

Summary

[none]

Details

The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

References

Affected packages

PyPI / jwcrypto

Package

Name: jwcrypto; View open source insights on deps.dev
Purl: pkg:pypi/jwcrypto

Affected ranges

Type: GIT
Repo: https://github.com/latchset/jwcrypto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.0

Affected versions

0.*

0.2.0

0.2.1

0.3.0

0.3.1